EllisLab text mark
Advanced Search
     
[solved] a3m Yahoo problem - The action you have requested is not allowed.
Posted: 18 March 2012 07:54 AM
Joined: 2011-04-28
575 posts

Hi guys,

I’ve just installed a3m into my existing development project, and after some tweaking an and tinkering I’ve managed to get it all working, apart from the Yahoo login.

When I try to sign in with my Yahoo account, I get the following javascript pop-up, callback URL, and error message:

JS pop-up

Although this page is encryptedthe information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information

Callback URL

http://www.myvirtualdomain.com/account/connect_yahoo?janrain_nonce=2012-03-18T11:48:24ZMSsIVZ 

(above url getting re-configured by this message system, the above two colons : are actually percentage % symbols).

Error message/page on my site after the callback.

An Error Was Encountered

The action you have requested is not allowed

It is successfully logging me into Yahoo (if I’m not already logged in), or if I am already logged in I still get the same process of JS pop-up, callback URL, and Error page on my site.

I’ve already enabled $_GET in my config file using:

$config['allow_get_array'TRUE

Anyone got any ideas what might be going on here???

 Signature 

My new website: www.downundr.com all about Australia, check it out!

Oh, and before you post a question on this forum have you searched for a solution on google? 90% of questions on here have already been answered!!!

 
Posted: 18 March 2012 08:11 AM   [ # 1 ]   [ Rating: 0 ]
Avatar
Joined: 2010-08-13
77 posts

Yop,

Maybe a way ...

JS pop-up: you use http and not https.

The action you have requested is not allowed:

if $config[‘csrf_protection’] = TRUE; you must use form_open() to include so that the csrf.

 
Posted: 18 March 2012 01:28 PM   [ # 2 ]   [ Rating: 0 ]
Joined: 2011-04-28
575 posts

Well, I’m still no closer to finding the issue…

It’s not CSRF as I’ve tested with it set to false (and true) with no difference in behavior.

I realised, that considering I’ve enabled $_GET, I had some missing permitted_uri_chars in my config file, it now looks like this:

$config['permitted_uri_chars''a-z 0-9_\-%=?:'

But still I get the error message. Anyone got any ideas (and thanks Noobigniter for your input on CSRF)

 Signature 

My new website: www.downundr.com all about Australia, check it out!

Oh, and before you post a question on this forum have you searched for a solution on google? 90% of questions on here have already been answered!!!

 
Posted: 18 March 2012 01:55 PM   [ # 3 ]   [ Rating: 0 ]
Joined: 2011-04-28
575 posts

Ah, apologies @ Noobigniter, it was actually a CSRF thing, further down my config file I was resetting it back to TRUE (left over code from when I was testing some ajax functionality which I forgot to delete).


For anyone else who is having problems with their a3m and yahoo, this piece of code did the trick for me (it goes in your config file).

if(stripos($_SERVER["REQUEST_URI"],'/account/connect_yahoo') === FALSE)
{
    $config[
'csrf_protection'TRUE;
}
else
{
    $config[
'csrf_protection'FALSE;
 Signature 

My new website: www.downundr.com all about Australia, check it out!

Oh, and before you post a question on this forum have you searched for a solution on google? 90% of questions on here have already been answered!!!

 
Posted: 18 March 2012 03:16 PM   [ # 4 ]   [ Rating: 0 ]
Avatar
Joined: 2010-08-13
77 posts

Glad that you’ve put on the way. smile